CVE-2008-2253 - Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute ar

CVE-2008-2253

Summary

Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability." http://www.microsoft.com/technet/security/Bulletin/MS08-054.mspx Security updates are available from Microsoft Update, Windows Update, and Office Update. Security updates are also available from the Microsoft Download Center. You can find them most easily by doing a keyword search for "security update. *Windows Server 2008 server core installation not affected. The vulnerability addressed by this update does not affect supported editions of Windows Server 2008 if Windows Server 2008 was installed using the Server Core installation option, even though the files affected by this vulnerability may be present on the system. However, users with the affected files will still be offered this update because the update files are newer (with higher version numbers) than the files that are currently on your system. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:windows_media_player:11:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:windows_media_player:11:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows-nt:2008:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows-nt:xp:*:*:*:gold:*:x64:*
cpe:2.3:o:microsoft:windows-nt:xp:*:*:*:gold:*:x64:*
cpe:2.3:o:microsoft:windows-nt:xp:sp2:*:*:pro:*:x64:*
cpe:2.3:o:microsoft:windows-nt:xp:sp2:*:*:pro:*:x64:*
cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

CWE-94

CAPEC

Code Injection
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-08-18T04:05:59.988-04:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Sudhir Gandhe
organization Secure Elements, Inc.
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Windows Media Player v11 is installed.
oval oval:org.mitre.oval:def:2126
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Windows Media Player v11 is installed.
oval oval:org.mitre.oval:def:2126
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Windows Media Player v11 is installed.
oval oval:org.mitre.oval:def:2126
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Windows Media Player v11 is installed.
oval oval:org.mitre.oval:def:2126
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Windows Media Player v11 is installed.
oval oval:org.mitre.oval:def:2126

description

family

windows

oval:org.mitre.oval:def:5615

status

accepted

submitted

2008-09-09T13:58:00

title

Windows Media Player Sampling Rate Vulnerability

version

refmap via4

bid	30550
cert	TA08-253A
confirm	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766863#PRODUCTS
hp	HPSBST02372 SSRT080133
sectrack	1020831
vupen	ADV-2008-2522

Last major update

30-10-2018 - 16:25

Published

11-09-2008 - 01:10

Last modified

30-10-2018 - 16:25